LibTiff Mailing List

TIFF and LibTiff Mailing List Archive
January 2011

Previous Thread
Next Thread

Previous by Thread
Next by Thread

Previous by Date
Next by Date

The TIFF Mailing List Homepage
This list is run by Frank Warmerdam
Archive maintained by AWare Systems

Thread

2011.01.10 16:18 "Missing mkstemp() on Visual Studio 2008", by Jeff Mckenna

2011.01.10 16:59 "Re: Missing mkstemp() on Visual Studio 2008", by Edward Lam

2011.01.10 18:59 "Re: Missing mkstemp() on Visual Studio 2008", by Jeff Mckenna

2011.01.10 20:35 "Re: Missing mkstemp() on Visual Studio 2008", by Edward Lam

2011.01.10 20:37 "Re: Missing mkstemp() on Visual Studio 2008", by Edward Lam

2011.01.10 20:54 "Re: Missing mkstemp() on Visual Studio 2008", by Bob Friesenhahn

2011.01.10 21:30 "Re: Missing mkstemp() on Visual Studio 2008", by Edward Lam

2011.01.11 00:01 "Re: Missing mkstemp() on Visual Studio 2008", by Igor Skochinsky

2011.01.11 15:41 "Re: Missing mkstemp() on Visual Studio 2008", by Edward Lam

2011.01.11 16:18 "Re: Missing mkstemp() on Visual Studio 2008", by Olivier Paquet

2011.01.11 16:38 "Re: Missing mkstemp() on Visual Studio 2008", by Igor Skochinsky

2011.01.11 16:18 "Re: Missing mkstemp() on Visual Studio 2008", by Olivier Paquet

On Tue, Jan 11, 2011 at 10:41 AM, Edward Lam <edward@sidefx.com> wrote:
> On 1/10/2011 7:01 PM, Igor Skochinsky wrote:
>> Use instead tmpnam() followed by fopen() with mode "w+bTD" (write, binary,
>> temporary, delete on close).
>
> Good point. However, doesn't using tmpnam() will re-introduce the
> possibility of a TOCTOU attack? It took me a while to find the current
> CERT recommendation on this [1]. The sad state of affairs as I read it
> seems that there is no 100% secure way to create temporary files on
> Windows!?

Not if you open using CreateFile() with the CREATE_NEW disposition
which causes failure if the file exists. And of course also
FILE_ATTRIBUTE_TEMPORARY | FILE_FLAG_DELETE_ON_CLOSE. Then you
_open_osfhandle() and fdopen(). It's a mess but it works.

Olivier